CVE-2025-22962

Name of the Vulnerable Software and Affected Versions: GatesAir Maxiva UAXT, VAXT transmitters (affected versions not specified)

Description: A critical remote code execution issue exists in the web-based management interface of the affected transmitters when debugging mode is enabled. An attacker with a valid sess id can send specially crafted POST requests to the "/json" endpoint, enabling arbitrary command execution on the underlying system. This can lead to full system compromise, including unauthorized access, privilege escalation, and potentially full device takeover.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.